<?php
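/*
 * Handles add / edit / delete requests against the `users` table, then
 * redirects back to users.php.
 *
 *   action=a  insert a user from POST user/pass/role
 *   action=e  update the user named by GET id from POST user/pass/role
 *   action=d  delete the user named by GET id
 *
 * All request values reach the database only as bound parameters of prepared
 * statements, never as part of the SQL text.
 *
 * NOTE(review): only the 'loggedin' session flag is checked. Nothing here
 * verifies that the caller may manage accounts or assign roles; add a role
 * check if the session carries one (not visible from this file).
 * NOTE(review): no anti-CSRF token is checked, and delete is driven purely by
 * GET parameters. State changes should require POST plus a per-session token;
 * that needs matching changes in the pages that link or post here.
 */
session_start();

// Unauthenticated requests are sent to the login page and processing stops.
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] != true)
{
	header("location:index.php");
	exit;
}

// Accept only scalar string inputs; array-valued parameters are treated as absent.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$id     = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : null;
$user   = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : null;
$pass   = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;
$role   = (isset($_POST['role']) && is_string($_POST['role'])) ? $_POST['role'] : null;

$needsForm = ($action === 'a' || $action === 'e');
$needsId   = ($action === 'e' || $action === 'd');

// Reject unknown actions up front instead of running an undefined query.
if (!$needsForm && !$needsId)
{
	header('HTTP/1.1 400 Bad Request');
	die('Error: unknown action');
}
if ($needsForm && ($user === null || $pass === null || $role === null))
{
	header('HTTP/1.1 400 Bad Request');
	die('Error: missing form field');
}
if ($needsId && $id === null)
{
	header('HTTP/1.1 400 Bad Request');
	die('Error: missing id');
}

// Keep mysqli in return-value mode so the checks below behave the same on
// PHP versions where exceptions are the default reporting mode.
mysqli_report(MYSQLI_REPORT_OFF);

// NOTE(review): database credentials are hard-coded in a web-served file.
// Move them to configuration outside the document root (or the environment)
// and rotate the password, since it has been stored in source.
$con = mysqli_connect("db.cs.dal.ca", "tameem", "B00614969", "tameem");
if (!$con)
{
	// Driver detail goes to the server log, not to the client.
	error_log('Could not connect: ' . mysqli_connect_error());
	die('Could not connect');
}

// NOTE(review): the password is stored exactly as submitted (plaintext).
// Hash it with password_hash() here and check it with password_verify() in
// the login code; left unchanged because the login path is outside this file.
$stmt = false;
if ($action === 'a')
{
	$stmt = mysqli_prepare($con, 'INSERT INTO users (id, password, role) VALUES (?, ?, ?)');
	if ($stmt)
	{
		mysqli_stmt_bind_param($stmt, 'sss', $user, $pass, $role);
	}
}
else if ($action === 'e')
{
	$stmt = mysqli_prepare($con, 'UPDATE users SET id = ?, password = ?, role = ? WHERE id = ?');
	if ($stmt)
	{
		mysqli_stmt_bind_param($stmt, 'ssss', $user, $pass, $role, $id);
	}
}
else
{
	$stmt = mysqli_prepare($con, 'DELETE FROM users WHERE id = ?');
	if ($stmt)
	{
		mysqli_stmt_bind_param($stmt, 's', $id);
	}
}

if (!$stmt || !mysqli_stmt_execute($stmt))
{
	error_log('users write failed: ' . mysqli_error($con));
	mysqli_close($con);
	die('Error: could not update users');
}

mysqli_stmt_close($stmt);
mysqli_close($con);
header("location:users.php");
exit;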
?>